Computing devices include one or more processors for executing software instructions present in the processor's operating memory. To provide flexibility and adaptability, many computing devices employ a staggered approach to loading software instructions. Under this approach, modular software components stored in persistent memory or storage devices are configured with instructions and parameters needed to load and initiate execution of additional modular software components, including the operating system. During the device startup operation, these modular software components are referred to as “boot components” and execute in a “boot sequence” that culminates in the loading into the operating memory of all instructions that are necessary for device operation. Performing device startup in this manner permits divergent storage means for the various boot components. Moreover, certain necessary updates to the device can be accomplished by simple modifications to an individual boot component or its parameters.
The capacity to update the boot components introduces vulnerabilities into the device. For instance, a virus, trojan, or other malicious software (or “malware”) operating on the device may modify or replace any or all of the boot components in order to gain control of the device. Where the malware is successful, the device is said to be “compromised” or “infected.”
Typically, upon detecting the device's compromised state, a user executes software on the device designed to identify and quarantine any infected software or data in an attempt to restore the device to its proper operating mode. In some instances, a compromised device may be unable to recover due to the nature of the malicious software and the defensive measures erected by the infection. For instance, the malicious software may have modified the operating system so as to prevent an anti-virus program from executing a remedial routine capable of repairing or even detecting the modification. In another example, the malicious software may have modified a boot loader of the computing device so as to prevent the operating system from loading altogether, thereby rendering the device inoperable. Where restoration is impossible, as in these examples, an administrator may be forced to reinstall and/or replace all of the boot components for the device by, for example, reformatting the device's hard drive and installing a clean version of the entire operating system and other system software components. This wholesale reinstallation is a time-consuming and expensive operation. Moreover, such wholesale reinstallation frequently results in the loss of user data and settings.